Merge "Allow some denials we have seen."

am: a52fb4e311

Change-Id: I945b65f77cf0eaadb24d49270ce37612d0983093

sepolicy/vendor/dnsmasq.te

@@ -0,0 +1 @@
+dontaudit dnsmasq kernel:system module_request;

sepolicy/vendor/hal_graphics_allocator_default.te

@@ -0,0 +1 @@
+dontaudit hal_graphics_allocator_default kernel:system module_request;

sepolicy/vendor/hal_graphics_composer_default.te

@@ -34,3 +34,5 @@ userdebug_or_eng(`
         allow hal_graphics_composer_default diag_device:chr_file rw_file_perms;
 ')
 dontaudit hal_graphics_composer_default diag_device:chr_file rw_file_perms;
+
+dontaudit hal_graphics_composer_default kernel:system module_request;

sepolicy/vendor/netmgrd.te

@@ -35,6 +35,7 @@ wakelock_use(netmgrd)
 
 #Allow netutils usage
 domain_auto_trans(netmgrd, netutils_wrapper_exec, netutils_wrapper)
+allow netmgrd netutils_wrapper:process sigkill;
 
 #Allow diag logging
 allow netmgrd sysfs_timestamp_switch:file { read open };

sepolicy/vendor/system_server.te

@@ -22,3 +22,5 @@ dontaudit system_server audioserver:file write;
 dontaudit system_server untrusted_app:file write;
 dontaudit system_server hal_audio_default:file write;
 dontaudit system_server appdomain:file write;
+
+dontaudit system_server self:capability sys_module;

sepolicy/vendor/wcnss_service.te

@@ -40,3 +40,5 @@ allow wcnss_service sysfs_soc:file r_file_perms;
 
 # request_firmware causes a denial for /firmware. It can be safely ignored
 dontaudit wcnss_service firmware_file:dir search;
+
+r_dir_file(wcnss_service, sysfs_net)